Hello everyone, I have just merged and pushed a slightly modified version of David's pull request to the main repository.
David, thanks for spotting this. Since the change has some side-effects as SChannel and the CryptoAPI are not fully compliant with RFC 2818 section 3.1, I added the following note to the commit message: SChannel and CryptoAPI do not support the iPAddress subjectAltName according to RFC 2818. If present, SChannel will first compare the IP address to the dNSName subjectAltNames and then fallback to the most specific Common Name in the Subject field of the certificate. This means that after this change curl will not connect to SSL/TLS hosts as long as the IP address is not specified in the SAN or CN of the server certificate or the verifyhost option is disabled. Best regards, Marc ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html